Defending against accidental or malicious misuse, loss, or theft of laptops is a crucial part of SMB security planning and design. In this section, we look at the differences between protecting these mobile devices and static desktop systems.
In this section, we continue our look at classifying data with a discussion of common storage locations, how sensitive information is shared or accessed, and retention/e-discovery considerations.
Security planning consists of three steps: assigning data owners and data classification, understanding how sensitive information is used, and developing a security strategy and controls design. In this article, we step through the initial planning step: data ownership and classification.
This is the introductory article in a series covering all aspects of securing a SMB’s sensitive data and critical systems. When the series is complete, it will be a how-to manual for unserstanding security and how to apply just enough resources to protect information assets without going broke.
In this article, we continue the series on data security incident management with an examination of what happens after a software or human security threat is identified and contained: eliminate the data security threat and restore data and network services.
In the previous articles in this series, we looked at preparing for incidents and how to detect and analyze them when they happen. In this article, we examine how to contain a network security threat agent, minimizing the impact to a business.
In Part 1 we defined data incident management and examined how to prepare for incidents when they occur. In this article, we continue the series by examining how to prevent data loss and network outages. The methods of detecting, analyzing, and reporting data issues to recovery teams are explained.